Cisco AnyConnect

Cisco AnyConnect can be integrated with Protectimus Two-Factor Authentication System using the RADIUS protocol:
  1. Install and configure Protectimus RProxy.
  2. Get registered with Protectimus SAAS Service or On-Premise Platform and configure basic settings.
  3. Configure Cisco AnyConnect authentication policies.
Configuring authentication policies in Cisco AnyConnect lets it send authentication requests over the RADIUS protocol to Protectimus RProxy. On receiving a request, the Protectimus RProxy component contacts the Protectimus authentication server to verify the user's one-time password and returns the answer to Cisco AnyConnect over RADIUS.

1. Install and configure Protectimus RProxy

Detailed instructions for installing and configuring the Protectimus RProxy component are available here.

2. Get Registered and Configure Basic Settings

  1. Register with the Protectimus Cloud Service and activate API or the Protectimus On-Premise Platform.
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

3. Configure Cisco AnyConnect authentication policies

1. Add the RADIUS server group to Cisco ASA configuration:

  • Connect to Cisco ASA using Cisco ASDM
  • Open Configuration —> Remote Access VPN —> AAA/Local Users —> AAA Server Groups
  • Click AAA Server Groups —> Add (1, 2)
  • Set the name and parameters as shown in the figure below (3)
  • Click OK (4)
Cisco AnyConnect two-factor authentication setup - step 1

2. Add the RADIUS Server to a Server Group:

  • Select a RADIUS Server Group that you’ve just created (1)
  • Click Add (2)
  • Set parameters of your RADIUS server (3)
  • Click OK (4)
Cisco AnyConnect two-factor authentication setup - step 2

3. Set up the AnyConnect VPN Connection:

  1. Open the AnyConnect VPN Wizard: click Wizards —> VPN Wizards —> AnyConnect VPN Wizard as shown in the figure.
Cisco AnyConnect two-factor authentication setup - step 3
  2. Then click Next as shown in the figure below.
Cisco AnyConnect two-factor authentication setup - step 4
  3. Specify the Connection Profile Name and VPN Access Interface name (1). Then click Next (2).
Cisco AnyConnect two-factor authentication setup - step 5
  4. Configure the VPN Protocols and add a Certificate as shown in the figures below.
Cisco AnyConnect two-factor authentication setup - step 6 Cisco AnyConnect two-factor authentication setup - step 7
  5. You can generate and add a self-signed certificate if necessary, as shown in the figure below. After that, click OK —> OK —> Next.
Cisco AnyConnect two-factor authentication setup - step 8
  6. Add a VPN client image (*.pkg files).
Cisco AnyConnect two-factor authentication setup - step 9
  7. Set up Authentication Methods:
  • Select the RADIUS Server Group that you’ve created as an AAA Server Group (1)
  • Modify the server name or IP if necessary (2)
  • Click Next (3)
Cisco AnyConnect two-factor authentication setup - step 10
  8. Configure SAML:
  • Select the RADIUS Server Group that you’ve created as an AAA Server Group (1)
  • Leave “None” in the SAML Server field (2)
  • Click Next (3)
Cisco AnyConnect two-factor authentication setup - step 11
  9. Configure a Pool of IP addresses that will be assigned to the clients:
  • Choose New (1)
  • Specify the IP Pool parameters: Name, Starting IP Address, Ending IP Address, and Subnet Mask (2, 3)
  • Click Next (4)
Cisco AnyConnect two-factor authentication setup - step 12 Cisco AnyConnect two-factor authentication setup - step 13
  10. Specify the DNS Server.
Cisco AnyConnect two-factor authentication setup - step 14
  11. Configure NAT Exemptions:
  • Check the box Exempt VPN traffic from network address translation (1)
  • Set up an exemption for the Inside Interface (2)
  • Click Next (3)
Cisco AnyConnect two-factor authentication setup - step 15
  12. Allow connections via HTTPS: check the box Allow Web Launch (1), then click Next.
Cisco AnyConnect two-factor authentication setup - step 16
  13. Check the settings you have specified and click Finish.
Cisco AnyConnect two-factor authentication setup - step 17
Last updated on 2022-01-28